NY AG: 1.1M Online Consumer Accounts Found Compromised in Credential-Stuffing AttacksNY AG: 1.1M Online Consumer Accounts Found Compromised in Credential-Stuffing Attacks
Stolen credentials tied to cyberattack incidents at 17 "well-known" online retailers, restaurant chains, food delivery services.
January 5, 2022
The Office of the Attorney General (OAG) for the state of New York today said a months-long investigation into credential-stuffing operations uncovered some 1.1 million consumer online accounts that had been compromised in such attacks.
The stolen credentials belonged to consumers of 17 "well-known" online retail businesses, restaurant chains, and food delivery services, according to the OAG's office. Most of the businesses had been unaware of the attacks prior to the OAG's reporting them, and were advised on how to better lock down customer accounts and ensure their accounts were secured with new passwords and security controls.
Credential-stuffing is a wildly popular — and easy — method for attackers, who run tools that automate the process of using pilfered usernames and passwords across multiple online services in order to find accounts that reuse the same password. Password reuse is a common misstep among consumers weary of creating new passwords for each online account.
"Right now, there are more than 15 billion stolen credentials being circulated across the internet, as users' personal information stand in jeopardy," said NY Attorney General Letitia James. "Businesses have the responsibility to take appropriate action to protect their customers’ online accounts and this guide lays out critical safeguards companies can use in the fight against credential stuffing. We must do everything we can to protect consumers’ personal information and their privacy."
The OAG also published a report, "Business Guide for Credential Stuffing Attacks," that explains these types of attacks and how to protect against them.
Read more here.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023